General
Target: QP0990001.zip
Size: 657B
Sample: 231003-lzfddahf9z
MD5: 24d30f9d284bdff7a56ca84ee7b488f3
SHA1: 72da4c3ab71dc5f9415dd4f6f01db7e00eaac492
SHA256: d6d581d3f057f38909f94459869b269fd099025f3e1714a7bb733ef888623391
SHA512: c83d5725fbfde024837e20cb9f2fe41b9d6e814dc1bcd4234a6c13e84cb6eec89d6f4164a5de112773bd378085d7691199b6c2e8a35fbfd8b29be01c2125b71c
Static task: static1
Behavioral task: behavioral1
  Sample: QP0990001.lnk
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: QP0990001.lnk
  Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6678785785:AAE948y1Spb4BUdVN86G6De5C3QmbuoXvWc/sendMessage?chat_id=6445748530
Targets
Target: QP0990001.lnk
Size: 2KB
MD5: c23a4b2e392af2535198428aafcbc7a4
SHA1: 02a472fb5f6be33044c51420b6fa98fe3adf6251
SHA256: 81b9e6ecd9d94421b7bef50c53e109e15927b3fdfb5068f51a742b662a7deaad
SHA512: 17172ade2ef629d2b878635015a6bcbc73464737b51fc7312b1b6ffc76ea238a568bae3f479c8e2f5ef775404681d731c8217cdb6249fad8a5db98902ea00747
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext